PT-2016-7159 · Huawei · Huawei Ar2500+12
Published: 2016-08-24 · Updated: 2016-09-28
CVE-2016-6901
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers versions prior to V200R007C00SPC900
Huawei NetEngine 16EX routers versions prior to V200R007C00SPC900
Description
The issue is a format string vulnerability that remote authenticated users can exploit to cause a denial of service. It occurs when the system processes partial commands that contain format string specifiers.
Recommendations
For Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers versions prior to V200R007C00SPC900, update to version V200R007C00SPC900 or later.
For Huawei NetEngine 16EX routers versions prior to V200R007C00SPC900, update to version V200R007C00SPC900 or later.
As a temporary workaround, consider restricting access to partial commands until a patch is available.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Ar100
Huawei Ar120-S
Huawei Ar1200
Huawei Ar150
Huawei Ar200
Huawei Ar2200
Huawei Ar2500
Huawei Ar3200
Huawei Ar3600
Huawei Ar500
Huawei Ar550
Huawei Netengine16Ex
Huawei Vrp